hashes on restricted domains: random functions or permutations?
James A. Donald
jamesd at echeque.com
Wed Oct 18 05:04:42 EDT 2006
Travis H. wrote:
> So I was reading about the OTP system (based on S/Key) described in RFC
> 2289.
> It basically hashes a secret several times (with salt to individualize
> it) and stores
> the value that the correct password will hash to.
>
> Now my question is, if we restrict ourselves to, say, 160-bit inputs, is
> SHA-1
> a permutation, or do collisions exist? If there are collisions, then
> iterating
> the hash could lead to fewer possible values each time, potentially
> converging
> on a set of inputs that form a permutation and are closed under
> composition.
>
> Is that correct?
Yes.
> What are the expected sizes of such sets?
More relevant is how many iterations it takes to get to a significantly
smaller set.
> Is it worth worrying about?
No.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list